#!/bin/sh
#
# rc.php_ini_setup
#
# part of pfSense (https://www.pfsense.org)
# Copyright (c) 2014-2016 Electric Sheep Fencing
# Copyright (c) 2014-2023 Rubicon Communications, LLC (Netgate)
# All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Set our operating platform
VERSION=$(/bin/cat /etc/version)
MIN_REALMEM_FOR_OPCACHE=512

if /usr/local/sbin/pkg-static info -e php81; then
	EXTENSIONSDIR="/usr/local/lib/php/20210902/"
elif /usr/local/sbin/pkg-static info -e php74; then
	EXTENSIONSDIR="/usr/local/lib/php/20190902/"
elif /usr/local/sbin/pkg-static info -e php73; then
	EXTENSIONSDIR="/usr/local/lib/php/20180731/"
elif /usr/local/sbin/pkg-static info -e php72; then
	EXTENSIONSDIR="/usr/local/lib/php/20170718/"
fi

# Grab amount of memory that is detected
if [ -f /var/log/dmesg.boot ]; then
	AVAILMEM=$(/bin/cat /var/log/dmesg.boot |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}')
else
	AVAILMEM=$(/sbin/dmesg -a |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}')
fi

if [ -z "$AVAILMEM" ]; then
	MEM=$(/sbin/sysctl -q hw.physmem | cut -d':' -f2)
	AVAILMEM=$(/bin/expr $MEM / 1048576)
fi


# Get amount of ram installed on this system
REALMEM=$(/sbin/sysctl -q hw.realmem | /usr/bin/awk '{print $2/1048576}' | /usr/bin/awk -F '.' '{print $1}')
export REALMEM
export LOWMEM

if [  ${REALMEM} -lt $MIN_REALMEM_FOR_OPCACHE ]; then
	LOWMEM="TRUE"
	echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected.  Not enabling opcache"
	echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected.  Not enabling opcache" | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
else

	# Calculate opcache memory size according
	# to detected memory values
	if [ "$AVAILMEM" -gt "135" ]; then
		OPCACHEMEMSIZE="10"
	fi
	if [ "$AVAILMEM" -gt "256" ]; then
		OPCACHEMEMSIZE="20"
	fi
	if [ "$AVAILMEM" -gt "384" ]; then
		OPCACHEMEMSIZE="25"
	fi
	if [ "$AVAILMEM" -gt "512" ]; then
		OPCACHEMEMSIZE="30"
	fi
	if [ "$AVAILMEM" -gt "784" ]; then
		OPCACHEMEMSIZE="50"
	fi
fi

# Set upload directory
UPLOADTMPDIR="/tmp"

# Define php modules.  Do not add .so, it will
# be done automatically by the script below.
PHPMODULES="standard"
# Config read/write
PHPMODULES="$PHPMODULES xml libxml dom"
PHPMODULES="$PHPMODULES SimpleXML xmlreader xmlwriter"
# Downloading via HTTP/FTP (pkg mgr, etc)
PHPMODULES="$PHPMODULES curl date"
# Internationalization
PHPMODULES="$PHPMODULES gettext"
# User manager
PHPMODULES="$PHPMODULES ldap openssl pcntl"
PHPMODULES="$PHPMODULES mcrypt"
# Regexs, PERL style!
PHPMODULES="$PHPMODULES pcre"
# The mighty posix!
PHPMODULES="$PHPMODULES posix"
PHPMODULES="$PHPMODULES readline"
# Login sessions
PHPMODULES="$PHPMODULES session"
# Firewall rules edit
PHPMODULES="$PHPMODULES ctype"
# firewall_rules_edit.php
PHPMODULES="$PHPMODULES mbstring"
# Synchronization primitives
PHPMODULES="$PHPMODULES shmop"
# Page compression
PHPMODULES="$PHPMODULES zlib"
# SQLlite & Database
PHPMODULES="$PHPMODULES spl"
PHPMODULES="$PHPMODULES PDO"
PHPMODULES="$PHPMODULES sqlite3"
# RADIUS
PHPMODULES="$PHPMODULES radius"
# pfSense extensions
PHPMODULES="$PHPMODULES pfSense"
# json
PHPMODULES="$PHPMODULES json"
# bcmath
PHPMODULES="$PHPMODULES bcmath"
# filter
PHPMODULES="$PHPMODULES filter"
# rrd
PHPMODULES="$PHPMODULES rrd"

PHP_ZEND_MODULES=""

# Modules previously included.
# can be turned on by touching
# /etc/php_dynamodules/$modulename
#	sysvmsg \
#	sysvsem \
#	sysvshm \
#	bcmath \
#	tokenizer \
#	uploadprogress \
#	sockets \
#	Reflection \
#	mysql \
#	bz2	\

# Clear the .ini file to make sure we are clean
if [ -f /usr/local/etc/php.ini ]; then
	/bin/rm /usr/local/etc/php.ini
fi
LOADED_MODULES=$(/usr/local/bin/php-cgi -m | /usr/bin/grep -v "\[")

unset TIMEZONE
# Fetch the timezone from /var/db/zoneinfo if present
if [ -f /var/db/zoneinfo ]; then
	TIMEZONE=$(cat /var/db/zoneinfo)
fi

if [ -z "${TIMEZONE}" ]; then
	# Second option is from config.xml
	TIMEZONE=$(/usr/local/sbin/read_xml_tag.sh string system/timezone)
fi

if [ -z "${TIMEZONE}" ]; then
	# Last option, use default value from $g or Etc/UTC
	TIMEZONE=$(/usr/local/sbin/read_global_var default_timezone "Etc/UTC")
fi

if echo "${VERSION}" | grep -q RELEASE; then
	error_reporting="error_reporting = E_ERROR | E_PARSE"
else
	error_reporting="error_reporting = E_ALL ^ (E_WARNING | E_NOTICE | E_DEPRECATED)"
fi

# Get a loaded module list in the stock php
# Populate a dummy php.ini to avoid
# the file being clobbered and the firewall
# not being able to boot back up.
/bin/cat >/usr/local/etc/php.ini <<EOF
; File generated from /etc/rc.php_ini_setup
output_buffering = "0"
expose_php = Off
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 900
request_terminate_timeout = 900
max_input_time = 1800
max_input_vars = 5000
register_argc_argv = On
register_long_arrays = Off
variables_order = "GPCS"
file_uploads = On
upload_tmp_dir = ${UPLOADTMPDIR}
upload_max_filesize = 200M
post_max_size = 200M
html_errors = Off
zlib.output_compression = Off
zlib.output_compression_level = 1
include_path = ".:/etc/inc:/usr/local/pfSense/include:/usr/local/pfSense/include/www:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear:/usr/local/share/openssl_x509_crl/"
display_startup_errors=off
display_errors=on
log_errors=on
error_log=/tmp/PHP_errors.log
extension_dir=${EXTENSIONSDIR}
date.timezone="${TIMEZONE}"
session.hash_bits_per_character = 5
session.hash_function = 1
${error_reporting}

; Extensions

EOF

# Loop through and generate modules to load.
# Take into account modules built into php.
for EXT in $PHPMODULES; do
	SHOULDADD="true"
	# Check to see if module is compiled into php statically
	for LM in $LOADED_MODULES; do
		if [ "$EXT" = "$LM" ]; then
			SHOULDADD="false"
		fi
	done
	if [ "$SHOULDADD" = "true" ]; then
		# Ensure extension exists before adding.
		if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
			echo "extension=${EXT}.so" >> /usr/local/etc/php.ini
		fi
	fi
done

# Zend modules
for EXT in $PHP_ZEND_MODULES; do
	# Ensure extension exists before adding.
	if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
		echo "zend_extension=${EXT}.so" >> /usr/local/etc/php.ini
	fi
done

if [ "$LOWMEM" != "TRUE" ]; then

	/bin/cat >>/usr/local/etc/php.ini <<EOF

; opcache Settings
opcache.enabled="1"
opcache.enable_cli="0"
opcache.memory_consumption="${OPCACHEMEMSIZE}"

EOF
else
	/bin/cat >>/usr/local/etc/php.ini <<EOF
; opcache Settings
opcache.enabled="0"
EOF
fi

# Memory limits 128M to calculated max
PHP_MEMORY_LIMIT="$(read_xml_tag.sh number system/php_memory_limit)"

# Set local variable for available memory to match the PHP code which always pulls from sysctl
MEM=$(/bin/expr $(/sbin/sysctl -q hw.physmem | cut -d':' -f2) / 1048576)

# Calculate MAX memory in the same fashion as get_php_max_memory() in /etc/inc/util.inc
let PHP_MAX_LIMIT=${MEM}-512

if [ "${PHP_MAX_LIMIT}" -le "0" ]; then
	let PHP_MAX_LIMIT=${MEM}-128

	if [ "${PHP_MAX_LIMIT}" -lt "128" ]; then
		PHP_MAX_LIMIT=128
	fi
fi

# If outside of limits, revert to default in same fashion as get_php_default_memory() in /etc/inc/util.inc
if ! { [ -n "${PHP_MEMORY_LIMIT}" ] && [ "${PHP_MEMORY_LIMIT}" -ge "128" ] && [ "${PHP_MEMORY_LIMIT}" -le "${PHP_MAX_LIMIT}" ]; }; then
	if [ "$(uname -m)" == "amd64" ]; then
		PHP_MEMORY_LIMIT=512
	else
		PHP_MEMORY_LIMIT=128
	fi

	if [ ${PHP_MEMORY_LIMIT} -ge "${MEM}" ]; then
		let PHP_MEMORY_LIMIT=${MEM}/2
		if [ "${PHP_MEMORY_LIMIT}" -lt "128" ]; then
			PHP_MEMORY_LIMIT=128
		fi
	fi
fi

/bin/cat >>/usr/local/etc/php.ini <<EOF
memory_limit="${PHP_MEMORY_LIMIT}M"
EOF

PHPFPMMAX=3
PHPFPMIDLE=30
PHPFPMSTART=1
PHPFPMSPARE=2
PHPFPMREQ=500
if [ $REALMEM -lt 250 ]; then
	PHPFPMMAX=2
       PHPFPMIDLE=5
       PHPFPMSTART=1
       PHPFPMSPARE=1
       PHPFPMREQ=500
elif [ ${REALMEM} -gt 1000 ]; then
       PHPFPMMAX=8
       PHPFPMIDLE=3600
       PHPFPMSTART=2
       PHPFPMSPARE=7
       PHPFPMREQ=5000
fi

/bin/cat > /usr/local/lib/php-fpm.conf <<EOF

[global]
pid = run/php-fpm.pid
error_log=syslog
syslog.facility = daemon
syslog.ident = system
log_level = error
daemonize = yes
events.mechanism = kqueue
process.max = ${PHPFPMMAX}

[nginx]
user = root
group = wheel
;mode = 0600

listen = /var/run/php-fpm.socket
listen.owner = root
listen.group = wheel
listen.mode = 0600

security.limit_extensions =

; Pass environment variables
env[PATH] = /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
env[LOGNAME] = root

EOF

if [ $REALMEM -lt 350 ]; then
	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF

pm = ondemand
pm.process_idle_timeout = $PHPFPMIDLE
pm.max_children = $PHPFPMMAX
pm.max_requests = $PHPFPMREQ
EOF

elif [ $REALMEM -gt 1000 ]; then
	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF

pm = dynamic
pm.process_idle_timeout = $PHPFPMIDLE
pm.max_children = $PHPFPMMAX
pm.start_servers = $PHPFPMSTART
pm.max_requests = $PHPFPMREQ
pm.min_spare_servers=1
pm.max_spare_servers= $PHPFPMSPARE

EOF
else

	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF

pm = static
pm.max_children = $PHPFPMMAX
pm.max_requests = $PHPFPMREQ
EOF

fi

# Add status url for php-fpm this will only be made available from localhost through nginx 'allow 127.0.0.1'
	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
pm.status_path = /status

EOF

# Remove old log file if it exists.
if [ -f /var/run/php_modules_load_errors.txt ]; then
	/bin/rm /var/run/php_modules_load_errors.txt
fi

for EXT in $PHPMODULES; do
	PHPMODULESLC="$PHPMODULESLC $(echo "$EXT" | /usr/bin/tr '[:upper:]' '[:lower:]')"
done

# Check loaded modules and remove anything that did not load correctly
LOADED_MODULES=$(/usr/local/bin/php-cgi -m | /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null | /usr/bin/grep -v "\[")
for EXT in $PHPMODULESLC; do
	SHOULDREMOVE="true"
	for LM in $LOADED_MODULES; do
		if [ "$EXT" = "$LM" ]; then
			SHOULDREMOVE="false"
			break
		fi
	done
	# Handle low memory situations
	if [ "$LOWMEM" = "TRUE" ]; then
		if [ "$EXT" = "opcache" ]; then
			SHOULDREMOVE="true"
		fi
		if [ "$EXT" = "xcache" ]; then
			SHOULDREMOVE="true"
		fi
	fi
	if [ "$SHOULDREMOVE" = "true" ]; then
		if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
			echo ">>> ${EXT} did not load correctly.  Removing from php.ini..." >> /var/run/php_modules_load_errors.txt
			/bin/cat /usr/local/etc/php.ini | /usr/bin/grep -v $EXT > /tmp/php.ini
			/bin/rm -f /usr/local/etc/php.ini
			/bin/mv /tmp/php.ini /usr/local/etc/php.ini
		fi
	fi
done
